Microsoft simultaneously combats, profits from and contributes to cybersecurity problems.
Andrew J. Grotto is the William J. Perry International Security Fellow at Stanford University and the founding director of the Program on Geopolitics, Technology and Governance at the Stanford Cyber Policy Center. He serves as the faculty lead for the Cyber Policy and Security specialization in Stanford's Ford Dorsey Master's in International Policy degree program and teaches the core cyber policy course for the specialization. He is also a visiting fellow at the Hoover Institution. He served as senior director for cyber policy on the National Security Council during the Obama and Trump administrations from late 2015 through May of 2017.
Subscribe to this Lawfare contributor via RSS.
It will fall on the incoming Biden administration to implement the new office—and a great deal of hard work lies ahead.
What would it take to make America more resilient against propaganda campaigns?
There is a mounting gap between what the headlines say about the costs of cyber insecurity to the U.S. economy and the results of data-driven research on this topic—with negative implications for cybersecurity. Congress should move to narrow the gap by passing a federal law that takes two steps to protect data. First, it should require companies that possess sensitive personal information to publicly disclose when significant breaches of this information occur.
In February, the White House attributed “the most destructive and costly cyberattack in history,” a summer 2017 attack affecting critical infrastructure and other victims around the world, to Russian intelligence services. The malicious code used in the attack, known as NotPetya, permanently encrypts the data on the computers that it has infected, essentially destroying them.